NBN: ACCC wet dream, security nightmare

The National Broadband Network (NBN) will provide unprecedented opportunities for consumer choice and competition, says network strategist Paul Brooks from Layer 10. But, at the same time, it will create 10 million potentially insecure home networks and unprecedented security challenges.

"The vast majority of the networks in this country over the course of the next decade, the person installing them, buying them — forget about maintaining them — will not have the foggiest clue what they're doing, and that's scary from a security perspective," Brooks told the AusCERT information security conference last week.

The key security challenge, Brooks said, will be managing multiple secure networks in homes and small businesses.

Most of these broadband-enabled locations currently have a single data network running through a simple internet gateway device to an internet service provider (ISP). The default configurations are usually adequate.

The NBN, however, will provide an optical network termination (ONT) device that has four Ethernet ports and two PSTN ports, and each port may connect to a different service provider. A home might use one Ethernet port each for their ISP, pay TV, their energy provider's smart meter and a security system with cameras and alarms.

Service and content providers will want each service to be on its own network. A pay-per-view movie service, for example, would want a separate encrypted connection all the way to the TV screen to deter copyright infringement. Consumers, however, will want to cross-connect services so that they can, for example, watch movies or take phone calls on the computer.

Consumers will probably avoid the cost of separate data networks for each service. Brooks believes that they're more likely to keep using a single local area network (LAN) for all their NBN-connected devices, and a single gateway device to connect the LAN to the NBN's ONT. Services that are kept separate within the NBN itself will become mingled in this home network.

If a householder uses a standard broadband gateway for this, they'll create a routing nightmare. If they make a mistake setting it up, they run the risk of data intended for the once-separate secure networks finding its way to the wrong network or, worse still, out to the open internet.

"How do we handle multiple upstream ports running through one device? How to handle when you get different multiple IP address ranges to be assigned by your different service providers? What happens when those ... service providers send down the same IP address overlapping? How is your gateway supposed to figure out which one of those providers to send the upstream packets to?" Brooks said.

"Are we going to have to get the ISPs to all send trusted routing updates down, and have your broadband router be a real router and understand how to distinguish between three, four, five, six different upstream channels all at the same time? At the moment, they don't have the chipset power to do that."

If a consumer fails to solve these more difficult routing problems, the result could be confidential information being sent upstream along the wrong network path. "If you want that information, it's going to be far, far easier to crack the home of a plumber than to try to tap NBN Co's network or the ISPs, because they actually know what they're doing," he said. And none of this is the NBN's fault, he said, because the NBN is working perfectly.

From a service provider's point of view, the customer has bridged your network to that of the other service providers.
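
The overlapping-range problem described above, as an added example that is not from the article or from Brooks's talk: a check a multi-upstream gateway could run over the prefixes it has been handed on each ONT port, plus a destination-only lookup showing where traffic ends up. Service names, port numbers, address ranges and the longest-prefix tie-break are all constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: service names, ONT ports and address ranges are
# assumptions for illustration, not values from the article or from NBN Co.
UPSTREAMS = {
    "pay_tv":      {"port": 2, "prefixes": ["10.0.0.0/8"]},
    "smart_meter": {"port": 3, "prefixes": ["10.20.0.0/16"]},
    "security":    {"port": 4, "prefixes": ["192.168.50.0/24"]},
}
DEFAULT_SERVICE = "isp"  # assumed: ONT port 1 carries the default route


def service_networks(upstreams):
    """Flatten the config into (service, ip_network) pairs."""
    return [(svc, ipaddress.ip_network(p))
            for svc, cfg in upstreams.items() for p in cfg["prefixes"]]


def find_overlaps(upstreams):
    """Return pairs of prefixes from different services that overlap."""
    hits = []
    for (sa, na), (sb, nb) in combinations(service_networks(upstreams), 2):
        if sa != sb and na.overlaps(nb):
            hits.append((sa, str(na), sb, str(nb)))
    return hits


def route(dst, upstreams):
    """Destination-only lookup, as a simple gateway would do it.

    Returns (chosen_service, contenders). More than one contender means the
    destination address alone cannot say which provider the packet is for.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(svc, net) for svc, net in service_networks(upstreams)
               if addr in net]
    if not matches:
        # No specific route: the packet leaves via the internet-facing default.
        return DEFAULT_SERVICE, []
    chosen = max(matches, key=lambda m: m[1].prefixlen)[0]  # longest prefix
    return chosen, sorted(svc for svc, _ in matches)


if __name__ == "__main__":
    for hit in find_overlaps(UPSTREAMS):
        print("overlap:", hit)
    for dst in ("10.20.1.5", "192.168.50.9", "192.168.51.9"):
        print(dst, "->", route(dst, UPSTREAMS))
```

A destination with two contenders is the case where the gateway has to guess, and a destination with none is the case where traffic meant for a private service network falls through to the internet-facing port.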

Despite these problems, Brooks believes that the NBN is "the ultimate enabler of competition and choice".

"We're now entering a third era of home and small business communications where you can choose several providers from many providers and have them all running simultaneously," he said. "If you wanted to do time-of-day internet routing and choose which ISP you wanted to use — one in the morning, one in the afternoon — because they each offered an off-peak rate at different times, you can do that."

You could also try a new service provider on a spare port before committing to them, and transferring between service providers could be done without a gap in service.

"The [Australian Competition and Consumer Commission]'s wet dream is the NBN," Brooks said.
